Determining when AD FS token signing and token decryption certificates expire
We know that our certificates for ADFS expire soon but have lost record of the exact date.
AD FS
Authentication
Certificates
OKTA
TID-W
Tyler Identity Workforce
AD FS is configured to generate token signing and token decryption certificates automatically, both at initial configuration and when the existing certificates approach their expiration date. For Tyler clients integrating with Tyler Identity Workforce (TID-W), these certificates need to be uploaded to Okta whenever they change, to avoid service interruption.
Run the PowerShell commands below on the AD FS server to determine the expiry schedule of the primary token signing and token decrypting certificates:
Get-AdfsCertificate -CertificateType Token-Signing
Get-AdfsCertificate -CertificateType Token-Decrypting
Contact Tyler Systems Management to coordinate replacement of the certificates in Okta before the expiration date.
The IsPrimary value set to True designates the certificate that AD FS is currently using.
The NotAfter value designates the date by which a new primary token signing or decrypting certificate must be configured.
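The two commands above can be combined into a single expiry report. The script below is an added example, not part of the original article: it lists every token signing and token decrypting certificate with its IsPrimary flag, NotAfter date and days remaining, then shows the automatic rollover settings. The 30-day warning threshold ($WarnDays) is an assumed value; adjust it to your own lead time for coordinating the Okta update.

```powershell
# Added example: run in an elevated PowerShell session on the AD FS server.
# $WarnDays is an assumed threshold, not a value from the article.
$WarnDays = 30
$now      = Get-Date

$report = foreach ($type in 'Token-Signing', 'Token-Decrypting') {
    Get-AdfsCertificate -CertificateType $type | ForEach-Object {
        # NotAfter lives on the X509Certificate2 object in the Certificate property
        $daysLeft = [math]::Floor(($_.Certificate.NotAfter - $now).TotalDays)

        if     ($daysLeft -lt 0)          { $status = 'EXPIRED' }
        elseif ($daysLeft -le $WarnDays)  { $status = 'EXPIRING' }
        else                              { $status = 'OK' }

        [pscustomobject]@{
            CertificateType = $_.CertificateType
            IsPrimary       = $_.IsPrimary
            Thumbprint      = $_.Thumbprint
            NotBefore       = $_.Certificate.NotBefore
            NotAfter        = $_.Certificate.NotAfter
            DaysLeft        = $daysLeft
            Status          = $status
        }
    }
}

# Primary (in-use) certificate first within each type
$report |
    Sort-Object CertificateType, @{ Expression = 'IsPrimary'; Descending = $true } |
    Format-Table -AutoSize

# A non-primary entry is an additional certificate that is not yet in use.
# With automatic generation enabled it is typically the replacement, so it is
# the one to hand over for upload to Okta before it becomes primary.
$pending = $report | Where-Object { -not $_.IsPrimary }
if ($pending) {
    Write-Warning ("{0} non-primary certificate(s) present; check whether Okta already has them." -f @($pending).Count)
}

# Rollover settings: whether AD FS generates certificates automatically, and how
# many days before expiry it generates and promotes the replacement.
Get-AdfsProperties |
    Select-Object AutoCertificateRollover, CertificateGenerationThreshold, CertificatePromotionThreshold
```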